密码再见!互联网联盟推出新式在线身份认证
为不同账号设置不同的密码并且记住这些密码要消耗太多脑细胞,不少人干脆设置个简单的密码或者图省事将所有密码都设成一样的,但这却增加了密码被盗的风险。如今,一种新式在线身份认证可以让用户用其他身份认证方法登录网络和设备,这些方法包括硬件安全密钥、指纹、面部识别、虹膜扫描及其他生物特征识别解决方案。以后再也不用担心把密码忘了!
A new web standard is expected to kill passwords, meaning users will no longer have to remember difficult logins for each and every website or service they use.
一种新的网络标准或将终结密码的使用,用户不再需要记住网站以及个人设备的账号登录信息。
The Web Authentication (WebAuthn) standard is designed to replace the password with biometrics and devices that users already own, such as a security key, a smartphone, a fingerprint scanner or webcam.
这种“网络认证”标准旨在使用生物识别和用户已有的设备替代密码,比如安全密钥、智能手机、指纹扫描仪和网络摄像头。
Instead of having to remember an increasingly long string of characters, users can authenticate their login with their body or something they have in their possession, communicating directly with the website via Bluetooth, USB or NFC.
用户无需再记住越来越冗长的密码,而可以使用自己的身体特征或者已有的设备认证其登录信息,通过蓝牙、USB接口或近场通信技术直接完成在线身份认证。
“WebAuthn will change the way that people access the Web,” said Jeff Jaffe, chief executive of the World Wide Web Consortium (W3C), the body that controls web standards.
网络标准机构万维网联盟的董事长杰夫?贾福尔说:“网络认证能改变人们的上网方式。”
One example of how WebAuthn will work is that when a user visits a site they want to log into, they input a user name and then get an alert on their smartphone. Tapping on the alert on their phone then logs them into the website without the need for a password.
举例来说,如果一名用户想用电脑登录一个网站,他们可以输入用户名,之后就会在智能手机上收到提示。点击手机上的提示信息就可以顺利登录网站,而无需输入密码。
WebAuthn promises to protect users against phishing attacks and the use of stolen credentials as there will be nothing to steal, the authentication token is generated and used once by their specific device each time the user logs in.
“网络认证”标准将让用户无需担心受到网络钓鱼攻击,也不用担心认证信息被盗用,因为本身这些信息就不值得获取。每次用户登录网站时,都会生成特定设备才可使用的一次性身份认证指令。
“After years of increasingly severe data breaches and password credential theft, now is the time for service providers to end their dependency on vulnerable passwords and one-time-passcodes and adopt phishing-resistant FIDO Authentication for all websites and applications,” said Brett McDowell, executive director of the FIDO Alliance, one of the bodies pushing the new standard.
推动新标准实行的机构之一FIDO联盟(线上快速身份认证联盟)的执行董事布雷特?麦克道尔说:“这些年来数据泄露和密码信息被盗的情况越来越严重,现在服务提供商是时候结束对那些易受攻击的和一次性密码的依赖,并在所有网站和应用中使用可防止网络钓鱼的线上快速身份认证。”
The W3C has moved WebAuthn to what’s called the “candidate recommendation” stage – the penultimate step before it becomes an approved web standard – inviting sites and services to begin implementing it. The web standards body announced that Google, Microsoft and Mozilla had committed to supporting WebAuthn, meaning that all major web browsers short of Apple’s Safari will implement the new standard.
万维网联盟已将“网络认证”标准列入“候选推荐”阶段,这是互联网标准最终获得认可、邀请网站和设备开始应用之前的倒数第二个阶段。万维网联盟宣布,谷歌、微软和摩斯拉(火狐)已决心致力于支持这一标准,这意味着除了苹果公司的Safari浏览器外,所有的主流浏览器都将实施这一新标准。
“While there are many web security problems and we can’t fix them all, relying on passwords is one of the weakest links. With WebAuthn’s multi-factor solutions we are eliminating this weak link,” said Jaffe.
贾福尔说:“尽管互联网安全存在诸多问题,我们也无法全部解决,但依赖密码是其中最薄弱的环节。通过网络认证标准的多因素解决方案,我们将消除这一薄弱环节。”
Several sites and services already use similar methods to log in, including Google and Facebook, which can both be logged into using a USB security key. But a single cross-platform, cross-service standard ratified by the W3C will mean that many more sites and services will be able to kill the password as the defacto login method.
已有数家网站和多种设备使用类似的登录方式,谷歌和脸书等网站用户可以选择使用USB安全密钥登录。但互联网联盟批准的单一跨平台、跨设备标准意味着将有越来越多的网站和设备取消密码这种实际登录办法。
WebAuthn is the culmination of many years of work and the change will not happen overnight. But as it increasingly seems inevitable that our email or other online services will get hacked into, removing the password is an important step in improving online security and making using sites and services easier.
“网络认证”标准是数年成就积累的顶峰,这种改变并不能一蹴而就。但随着电子邮件和其他网络服务被黑客入侵越发不可避免,消除密码是提升网络安全、让网站和设备使用更加便捷的重要一步。
英文来源:卫报
中文来源:中国日报英语点津
A new web standard is expected to kill passwords, meaning users will no longer have to remember difficult logins for each and every website or service they use.
一种新的网络标准或将终结密码的使用,用户不再需要记住网站以及个人设备的账号登录信息。
The Web Authentication (WebAuthn) standard is designed to replace the password with biometrics and devices that users already own, such as a security key, a smartphone, a fingerprint scanner or webcam.
这种“网络认证”标准旨在使用生物识别和用户已有的设备替代密码,比如安全密钥、智能手机、指纹扫描仪和网络摄像头。
Instead of having to remember an increasingly long string of characters, users can authenticate their login with their body or something they have in their possession, communicating directly with the website via Bluetooth, USB or NFC.
用户无需再记住越来越冗长的密码,而可以使用自己的身体特征或者已有的设备认证其登录信息,通过蓝牙、USB接口或近场通信技术直接完成在线身份认证。
“WebAuthn will change the way that people access the Web,” said Jeff Jaffe, chief executive of the World Wide Web Consortium (W3C), the body that controls web standards.
网络标准机构万维网联盟的董事长杰夫?贾福尔说:“网络认证能改变人们的上网方式。”
One example of how WebAuthn will work is that when a user visits a site they want to log into, they input a user name and then get an alert on their smartphone. Tapping on the alert on their phone then logs them into the website without the need for a password.
举例来说,如果一名用户想用电脑登录一个网站,他们可以输入用户名,之后就会在智能手机上收到提示。点击手机上的提示信息就可以顺利登录网站,而无需输入密码。
WebAuthn promises to protect users against phishing attacks and the use of stolen credentials as there will be nothing to steal, the authentication token is generated and used once by their specific device each time the user logs in.
“网络认证”标准将让用户无需担心受到网络钓鱼攻击,也不用担心认证信息被盗用,因为本身这些信息就不值得获取。每次用户登录网站时,都会生成特定设备才可使用的一次性身份认证指令。
“After years of increasingly severe data breaches and password credential theft, now is the time for service providers to end their dependency on vulnerable passwords and one-time-passcodes and adopt phishing-resistant FIDO Authentication for all websites and applications,” said Brett McDowell, executive director of the FIDO Alliance, one of the bodies pushing the new standard.
推动新标准实行的机构之一FIDO联盟(线上快速身份认证联盟)的执行董事布雷特?麦克道尔说:“这些年来数据泄露和密码信息被盗的情况越来越严重,现在服务提供商是时候结束对那些易受攻击的和一次性密码的依赖,并在所有网站和应用中使用可防止网络钓鱼的线上快速身份认证。”
The W3C has moved WebAuthn to what’s called the “candidate recommendation” stage – the penultimate step before it becomes an approved web standard – inviting sites and services to begin implementing it. The web standards body announced that Google, Microsoft and Mozilla had committed to supporting WebAuthn, meaning that all major web browsers short of Apple’s Safari will implement the new standard.
万维网联盟已将“网络认证”标准列入“候选推荐”阶段,这是互联网标准最终获得认可、邀请网站和设备开始应用之前的倒数第二个阶段。万维网联盟宣布,谷歌、微软和摩斯拉(火狐)已决心致力于支持这一标准,这意味着除了苹果公司的Safari浏览器外,所有的主流浏览器都将实施这一新标准。
“While there are many web security problems and we can’t fix them all, relying on passwords is one of the weakest links. With WebAuthn’s multi-factor solutions we are eliminating this weak link,” said Jaffe.
贾福尔说:“尽管互联网安全存在诸多问题,我们也无法全部解决,但依赖密码是其中最薄弱的环节。通过网络认证标准的多因素解决方案,我们将消除这一薄弱环节。”
Several sites and services already use similar methods to log in, including Google and Facebook, which can both be logged into using a USB security key. But a single cross-platform, cross-service standard ratified by the W3C will mean that many more sites and services will be able to kill the password as the defacto login method.
已有数家网站和多种设备使用类似的登录方式,谷歌和脸书等网站用户可以选择使用USB安全密钥登录。但互联网联盟批准的单一跨平台、跨设备标准意味着将有越来越多的网站和设备取消密码这种实际登录办法。
WebAuthn is the culmination of many years of work and the change will not happen overnight. But as it increasingly seems inevitable that our email or other online services will get hacked into, removing the password is an important step in improving online security and making using sites and services easier.
“网络认证”标准是数年成就积累的顶峰,这种改变并不能一蹴而就。但随着电子邮件和其他网络服务被黑客入侵越发不可避免,消除密码是提升网络安全、让网站和设备使用更加便捷的重要一步。
英文来源:卫报
中文来源:中国日报英语点津
(编辑:织言)